Service Hotline: +4922159984000

Data protection and privacy

We are delighted that you have visited our data protection page.

At LEAV, we are aware of and take seriously our responsibility when handling your personal data and the associated privacy issues. It is therefore a matter of personal importance to us that we observe and comply with data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

In unseren Datenschutzhinweisen informieren wir Dich darüber‚ wie wir personenbezogene Daten sammeln‚ speichern und verarbeiten und verdeutlichen Dir Deine Rechte in Bezug auf Deine personenbezogenen Daten.

This privacy policy applies to all services offered by LEAV Aviation GmbH (LEAV) and to the sale of flight tickets on our website: www.leav.com.

1. What is personal data?

Personal data is generally defined as any information relating to a living, identifiable person. This includes, among other things:

  • Surname and first name;
  • A private address;
  • Date of birth
  • An email address in which your first name and surname are recognisable. Example: maxmustermann@unternehmen.com
  • An ID number;
  • Payment information
  • Location data (e.g. the location function on mobile phones);
  • An IP address

The following sections explain which personal data we collect, store and/or process.

2. Who is responsible for data processing?

LEAV Aviation GmbH, Von-der-Wettern-Str. 25, 51149 Cologne, +49 2203 2908491, is responsible for the processing of your personal data in accordance with data protection law. Wherever ‘we’ or ‘us’ is used in this privacy policy, this refers to the aforementioned company.

If you have any questions or require further information on the subject of data protection, please do not hesitate to contact our data protection officers at any time by email at datenschutz@leav.com.

3. Where do we obtain the data?

We obtain your personal data via our website, our service centre or our social media channels.

4. What data do we process? For what purposes and on what legal basis is this processing carried out?

You can use our website without providing any personal data (such as your name, address or email address). However, in order for you to access our website, we must collect and store certain information. If you use the functions offered on our website, your personal data will be collected and stored automatically.

We collect and process personal data to the following extent:

We process your personal data (for the purpose of) fulfilling contractual obligations in accordance with Article 6 of the GDPR, such as:

  • Issuing flight tickets
  • Sending booking confirmations
  • Providing your flight-related services
  • Managing the check-in process
  • Collecting your contact details, which are necessary for fulfilling the transport contract and providing information about your booked flight
  • Preventing and prosecuting criminal offences (e.g. credit card fraud)

Cookies and tracking:

We use cookies and tracking software to tailor the functionality of our website as far as possible and thus contribute to user-friendliness when navigating our website. Tracking software collects pseudonymous usage data to enable unique identification of the browser. With the exception of cookies, no data is stored on your device.

The legal basis for the use of cookies and tracking is Section 15 (3) TMG and Article 6 (1) (f) GDPR.

What is a cookie?

A cookie is a small text file that is placed in your Internet browser when you visit our website and activates the functions of our website. Cookies enable us, for example, to identify your device when you visit our website again and to secure your access to the website. They enable the website to store the following data, for example:

  • Login data (IP address of the device logging in, time of login, location from which the login is attempted);
  • Type of browser;
  • Demographic data (age group, gender);
  • Data about what you are searching for on the website (which areas you visit and which products/services you are interested in, for example).

Further purposes of using cookies:

  • To ensure the efficient and secure functioning of the website;
  • To activate and support our security features to help us detect hostile activity on our website;
  • To research, understand and improve products, features and services, even when you access our website from other websites, applications or devices such as your work computer or mobile device;
  • Recognising returning visitors to the website and personalising their experience;
  • Avoiding re-registration or re-entering information each time you visit the website;
  • Using cookies to collect statistical data about the number of users of the website and their use of the website.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called ‘cookies’. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. a GDPR.[HG1]

For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

Browser plugin

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by deactivating Google Analytics. To do this, download and install the plugin for your web browser. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link https://tools.google.com/dlpage/gaoptout?hl=en. An opt-out cookie will be set to prevent your data from being collected on future visits to this website.

Order data processing

We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the ‘demographic characteristics’ feature of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section ‘Objection to data collection’.

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function allows the advertising target groups created with Google Analytics Remarketing to be linked to the cross-device functions of Google AdWords and Google DoubleClick. This allows interest-based, personalised advertising messages that have been tailored to you based on your previous usage and surfing behaviour on one device (e.g. mobile phone) to also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. This allows the same personalised advertising messages to be displayed on any device you sign in to with your Google account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google account; to do so, follow this link: https://www.google.com/settings/ads/onweb/. The summary of the data collected in your Google account is based solely on your consent, which you can give or withdraw at Google (Art. 6 para. 1 lit. a GDPR). Further information and the privacy policy can be found in Google’s privacy policy at: https://www.google.com/policies/technologies/ads/.

Flight booking and passenger data:

On our website, you have the option of booking our flights and other services. In order to fulfil the transport contract concluded with you, we process your personal data on the basis of the following legal basis: Article 6(1)(b) GDPR.

When booking a flight or other services on our website or when sending a written enquiry, we may ask you to provide the following data:

  • Title
  • Name (all first names and surnames as stated in your passport)
  • Address
  • Email address
  • Telephone number
  • Date of birth
  • Payment information
  • Passport/visa information, if applicable
  • Travel preferences (e.g. special needs), if applicable

Flight details and passenger information:

If you are booking the flight on behalf of other people, we also require the first and last names of all fellow travellers as stated on their passports or identity cards, as well as the email address and telephone number/mobile phone number of at least one of the passengers.
If the booking is made by credit card, we require the credit card holder’s details, the card number, the expiry date and the CVC/CVV code (3-digit card verification number on the back of the card). If you choose to pay by SEPA direct debit, we require the name of the account holder, the IBAN, the BIC and the country in which the account holder resides.
All information and details required to complete your booking are marked as mandatory fields on our website and without this information, your booking cannot be completed.
Please note that payment information and browser data from the device used may be forwarded to payment service providers in encrypted form. The legal basis for the transfer is Article 6(1)(c) GDPR.
If your flight was booked through one of our travel partners (tour operator, etc.), certain personal data (collected for your booking and relevant to it), such as your name, address, email address, date of birth or any special requirements or needs you have registered, will be forwarded to us so that we can provide the services you expect and have booked.
If you have already made a flight booking with us, you can send us special information such as allergies, special dietary requirements, your state of health, disabilities and other individual needs directly. We collect and store this information in order to take your needs into account when making your booking.
In the context of pandemic control, further information, e.g. on health or previous stays, may also be requested, stored in accordance with legal requirements and passed on to health authorities if necessary (in accordance with Article 9(2) of the GDPR). Depending on the legal situation, the transport of passengers without the prescribed processing of the health data transmitted is prohibited.

Advance Passenger Information (API):

For flights to certain destinations, local authorities already require airlines to provide Advanced Passenger Information (API) about passengers. The number of destination countries is constantly increasing and, in future, member states of the European Union may also require the transfer of passenger data upon entry or exit, in some cases even when merely flying over the respective country. API data is entered by the responsible staff at the check-in counter if it is not already requested in full at the time of booking but is required.

  • API data includes the following information about the passenger:
  • Surname
  • First name
  • Biometric data
  • Date of birth
  • Nationality
  • Passport number
  • Gender

If API data is required for the destination country, we process this data exclusively for transmission to the authorities of the respective destination country in fulfilment of our legal obligations; the legal basis is Article 6(1)(c) GDPR.

Flight-related mailings: We may use the email address you provide to send you flight-related information or offers by email. Flight-related information includes, for example, reminders about online check-in, offers of additional services for your flight such as extra legroom, seat reservations, baggage or additional baggage bookings that can be made online. The legal basis for this is Article 6(1)(f) GDPR and Section 7(3) UWG.

LEAV account registration: On our website, you have the option of registering and creating a LEAV customer account for yourself. The following mandatory data is requested for registration: first name, surname, country, telephone number, email address and a password. Further voluntary information can also be added. To access your LEAV account, we may request information from the data already collected during registration (data for your identification). We process the data associated with your LEAV customer account in order to provide you with this functionality. The legal basis is Article 6(1)(b) GDPR.

Mailing newsletter: If you are interested in our email newsletter and have subscribed to it, we will collect and process your email address and, if applicable, the information you have provided in your LEAV customer account on the basis of your consent. The processing of the aforementioned data enables us to compile information, promotions and offers from LEAV that are of interest to you and to send them to you by email. Your data will not be passed on to third parties, as we process it solely for the selection of personalised content and for sending the email newsletter within the scope of the consent you have given. The legal basis is Article 6 (1) a) GDPR.

Individual customer communication: We store and process information about personal details in your customer profile, your previous bookings and travel preferences in order to increase the user-friendliness of our services through personalised booking histories. The stored and processed data may be used to make default settings that can speed up and simplify the flight booking process, the purchase of additional services or a rebooking. The legal basis is Article 6 (1) a) GDPR.

Previous flight bookings and flight recommendations: After logging into your LEAV customer account, you will noticethat your previous and completed bookings are displayed in the dashboard. The information stored in your profile about previous and completed flight bookings is processed by us in order to show you recommendations for flight routes that may be of interest to you. These are only recommendations to make it easier for you to find the right flight destination. As a guest, you always have the optionto choose a route from the entire LEAV range.

Competitions and participation: In order to offer competitions and contact the winners afterwards, we store your contact details as well as booking codes and competition codes when you participate in our competitions. The legal basis for this is Article 6(1)(b) GDPR.

Contact: In order to provide you with the best possible service, you can reach us in several ways. You have the option of contacting us via our service centre, the contact form, by email or via our social media channels. We collect all the data you provide and store it for as long as is necessary to process your enquiry. It cannot be ruled out that data may be stored for longer than intended after the actual processing has been completed for reasons of evidence preservation. The legal basis for this is Article 6 (1) a), b) and f) GDPR.

Evaluation of data: We may evaluate your personal data to protect our legitimate interests, the interests of third parties and for the following purposes:

  • for the continuous improvement of our business processes
  • to assist in the detection or prevention of fraud and the investigation of criminal offences
  • for individualised communication
  • for interest-based marketing
  • to ensure security
  • to assert legal claims or defend ourselves in legal disputes
  • for personalised communication
  • for auditing purposes
  • for risk management

The legal basis for this is Article 6(1)(f) of the GDPR.

5. Our principles for processing your data

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Taking into account the data protection regulations, we only collect and process your personal data
if we are permitted to do so by law or if you have given us your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On our website, we may also collect information that does not in itself allow any direct conclusions to be drawn about your person. In some cases, however, this information may nevertheless be considered personal data within the meaning of data protection law, especially in combination with other data. In addition, we are also able to collect information on our website that does not allow us to identify you either directly or indirectly (e.g. in the case of evaluative or summary information about several or all users of our website).

6. Discretion and your own duty of care when providing your personal data

Please exercise discretion and care when providing your data at all times and observe at least the following minimum requirements for the protection of your personal data: · Please refrain from providing your name, address, telephone number, email address, identity card number, date of birth, account number, health data, other special/sensitive data in the subject line of your enquiry or in the file name. · Please refrain from using your payment details and other financial information and details, your health, detailed information about family members and other specific (sensitive) data or excessive information in your CV, cover letter, other files, texts of enquiries, emails or similar communications that you send to usand · Please ensure that the remaining personal data is only provided to the extent necessary for the purposes for which the letter or enquiry is sent.

7. Are you obliged to provide your data?

In order to offer you all the features of our website, such as registering for a LEAV customer account, subscribing to our newsletter, using our online contact form, booking flights and booking services or special services, we require you to provide certain mandatory personal data. If you refuse to provide this data, we will not be able to provide the above-mentioned features and services.
We endeavour to collect only personal data from you that is required by law or contractually necessary for the conclusion of the contract. If, in addition to the above-mentioned mandatory information, further personal data is requested or collected by us, the provision of this data is voluntary and not mandatory. The mandatory fields are marked to clearly distinguish between voluntary and mandatory information.

8. Who receives your data?

Your personal data will be used, stored, processed and made available to other external providers for our own systems and the systems of our contractors or suppliers. These providers include, among others:

    • Airports and ground handling services, so that they can make arrangements for you and provide you with support

Our technology and data management partners, who help us provide the services we offer.

  • Travel partners, e.g. tour operators
  • External airlines, should they assist us in operating our flights. (In this case, the data protection terms and conditions of the respective airline apply.)
  • Payment processing service providers commissioned by us (card payment intermediaries, SEPA direct debit providers, PayPal) who provide services for us on a separate contractual basis, which may include the processing of personal data, and who assist us in detecting and preventing fraudulent payments.
  • Subcontractors of our service providers engaged with our consent.
  • Government authorities and other institutions acting on the basis of entry requirements, police procedures, etc.
  • We are legally obliged to transfer data to immigration authorities, including within the framework of agreements between the EU and the USA/Canada, the Passenger Name Record Act (FLUGDaG) if the EU destination countries have implemented EU Directive 2016/681, and within the framework of trade and cooperation agreements between the EU and the United Kingdom/Great Britain.

9. Is data transferred to third countries outside the EU?

Your personal data is generally processed within Germany and the EU or the European Economic Area. In some cases, however, we may need to share your data with external contractors and transfer it to countries outside the European Union. Companies and providers outside the European Union may be subject tomay not be subject to the same level of data protection controls as in Germany and within the EU.

If the information to be transferred contains your personal data, we will ensure that the level of data protection is guaranteed by appropriate security measures before transferring it to external providers outside the EU. These safeguards include the use of EU standard contractual clauses as published by government authorities or an independent data protection programme approved by regulators to which contractors/service providers can submit.

For airlines, it is mandatory for certain destinationsto report certain personal data to government agencies and authorities in Germany and other countries. These authorities include, among others:

  • Anti-terrorism authorities
  • Health protection authorities
  • Immigration authorities
  • Security authorities
  • Border control
  • Law enforcement

Even if the transfer of your personal data to the above-mentioned authorities is not always mandatory, we have our own discretion regarding the disclosure of this information to authorities in order to assist them in preventing or detecting criminal offences.

10. How long do we store your data?

We comply with legal obligations (in particular the cessation of the purpose of storage) and deadlines when storing and deleting your personal data. After that, the data is routinely deleted.

The regular limitation period of 3 years for claims is particularly relevant for the statutory periods. In exceptional cases, we may store your data until the expiry of special statutory retention periods (6 to 10 years; in individual cases, however, up to 30 years) if this is necessary for the assertion’ exercise or defence of legal claims.

The following applies here:

  • Processed data relating to your flight booking will be deleted at the latest after expiry of the statutory retention periods of max. 10 years.
  • Processed data in connection with the registration of a LEAV customer account will be automatically deleted when the customer account is deleted.
  • Personal log data collected when you visit our website will be deleted within 30 days, unless further storage is necessary for legally specified purposes.
  • If your data has been processed in connection with customer communication, it will be deleted after a maximum of 5 years (Regulation (EC) No. 261/2004).

Longer retention periods for personal data may also apply if:

  • it is mandatory under applicable law (e.g. Commercial Code, Tax Code, Money Laundering Act).
  • it is necessary for backup copies, the functioning of the company’s information systems or similar purposes.
  • there is a justified suspicion of an illegal actit is the subject of an investigation.
  • the company has received complaints regarding the visitor or if the company has noticed violations committed by the visitor.

The visitor data is necessary for the proper resolution of the dispute, complaint or claim.

11. What rights do you have with regard to your personal data?

Data protection law grants you certain rights in relation to your personal data. We have summarised these for you below.

  • Right to data disclosure

You have the right to information in accordance with Article 15 of the GDPR and also the right to request access to personal data. This concerns information about your personal data that you have provided to us and that we have stored.

If we are required to provide you (or someone else on your behalf) with personal information, this will be provided free of charge.

Please note that we may ask you for proof of identity or details about booking information that can help us find your personal data. If you commission a third party, we require additional written confirmation signed by you in advancethat the person is authorised to make the request and receive the data.

We reserve the right not to provide you with a copy of the personal data if it also contains personal data of other persons or if there are other legitimate reasons not to disclose this information. Once you have made your request and we have all the information we need to start searching for your data (including proof of identity), we will respond within the specified 30-day period.

  • Right to object

Under Article 21 of the GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your legitimate interests by sending us an email or letter to the email address or postal address provided in the privacy policy.

If you object to the processing of your personal data on legitimate grounds, we will suspend processing until the matter has been clarified.

Data processing may continue despite your objection for the following reasons:

  • The processing is necessary for the assertion, exercise and/or defence of legal claims
  • We have legitimate reasons for processing that outweigh your rights, freedoms and interests

If you wish to withdraw your consent to the processing of personal data for direct marketing purposes, you may do so at any time and the processing will be stopped.

Your consent to the processing of information regarding allergies, special dietary requirements, your state of health, handicaps and other individual needs can be revoked. However, we would like to point out that we will then only be able to provide the above-mentioned services you have requested in part or not at all. If you still wish to revoke your consent, please contact you@leav.com.

  • Right to erasure or restriction of processing of personal data

Certain circumstances give you the right to have your personal data removed from our systems (Article 17 GDPR). To do so, please send us an email or letter to the address specified in this privacy policy.

If we have no legitimate reasons to continue processing or storing your personal data, we will comply with your request to be forgotten.

You may also request the restriction of the processing of your personal data in accordance with Article 18 GDPR for the following reasons:

  • If you have objected to the processing and our investigation of the matter has not yet been completed
  • If the type of processing of your data is unlawful in your view
  • If you insist that information relating to legal proceedings be retained by us

Only with your consentYour personal data may continue to be processed during the restriction period on the basis of a legal obligation.

Legal obligations may include:

  • Storage purposes in connection with legal proceedings
  • Storage rights for the protection of other companies
  • Storage purposes for the protection of other/further persons

The legal basis for restricting the processing of personal data is Article 18 GDPR.

  • Further rights
  • As a data subject, you also have the right to rectify inaccurate or incomplete data in accordance with Article 16 GDPR and
  • to data portability in accordance with Article 20 GDPR

To exercise these rights or to lodge a complaint, please contact us at any time by email at datenschutz@leav.com. The postal address is:

Data Protection Team LEAV Aviation GmbH

Von-der-Wettern-Str. 25

51149 Cologne

You are also entitled to lodge a complaint with a competent supervisory authority for data protection in accordance with Article 77 GDPR in conjunction with Section 19 BDSG. The supervisory authority responsible for LEAV is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, tel.: 0211/38424-0, fax: 0211/38424-999, email: poststelle@ldi.nrw.de.

12. Questions about data disclosure and data protection in general

If you have any further questions about processing, deletion, disclosure, data portability, objection or other topics relating to your personal data, please contact our data protection officer at any time at: datenschutz@leav.com.

Changes to this privacy policy

We reserve the rightupdate or change this privacy policy from time to time.

Cologne, as of 09 May 2023